[wp-hackers] Potential (security) issue with Twenty Ten?
Bjorn Wijers
burobjorn at gmail.com
Thu Jan 6 11:26:11 UTC 2011
Hi,
Not sure if this is the right place to discuss this, so please point me
in the right direction if this should be discussed somewhere else...
I was looking at Twenty Ten and noticed this piece of code below the
theme textdomain loading in the functions.php:
91 load_theme_textdomain( 'twentyten', TEMPLATEPATH . '/languages' );
92
93 $locale = get_locale();
94 $locale_file = TEMPLATEPATH . "/languages/$locale.php";
95 if ( is_readable( $locale_file ) )
96 require_once( $locale_file );
Source:
http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentyten/functions.php
I do not understand why after loading the theme's translation files
another file ($locale.php) is included. Also the $locale, as far as I
can see although I haven't dived into it, does not get escaped. Somehow
this looks kinda funky.
Can somebody explain why this piece of code is included in Twenty Ten? And why
this is used after already loading the translations using
load_theme_textdomain() function.
grtz
BjornW
(http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentyten/functions.php#L93)
--
kind regards,
Bjorn Wijers
* b u r o b j o r n .nl *
digitaal vakmanschap | digital craftsmanship
Working days:
Monday through Thursday from 10:00
Friday is for experimenting and personal projects.
Concordiastraat 68-126
3551 EM Utrecht
The Netherlands
tel: +31 6 49 74 78 70
http://www.burobjorn.nl
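
Added example, not part of the original post and not Twenty Ten's code: one way to guard the include pattern asked about above, where a locale string is interpolated into a require path. The helper name safe_locale_file(), the locale pattern and the temporary demo files are assumptions made for illustration; whether get_locale() can return an unexpected value is not established in the post.

```php
<?php
// Added example, not Twenty Ten code. safe_locale_file() is a hypothetical helper.

/**
 * Return the path of "<languages_dir>/<locale>.php" only if the locale has a
 * plain locale shape and the resolved file stays inside the languages directory.
 */
function safe_locale_file( string $languages_dir, string $locale ): ?string {
    // Allow only names shaped like "nl", "nl_NL" or "de_DE_formal" (assumed pattern).
    if ( ! preg_match( '/\A[a-z]{2,3}(_[A-Z]{2})?(_[a-z0-9]+)?\z/', $locale ) ) {
        return null;
    }

    $base = realpath( $languages_dir );
    if ( false === $base ) {
        return null;
    }

    // realpath() resolves symlinks and ".." and returns false for missing files.
    $file = realpath( $base . DIRECTORY_SEPARATOR . $locale . '.php' );
    if ( false === $file || ! is_file( $file ) || ! is_readable( $file ) ) {
        return null;
    }

    // Containment check: the resolved file must sit directly under the base dir.
    if ( dirname( $file ) !== $base ) {
        return null;
    }
    return $file;
}

// Constructed demo: a temporary languages directory with one locale file.
$dir = sys_get_temp_dir() . '/twentyten-demo-' . bin2hex( random_bytes( 4 ) ) . '/languages';
mkdir( $dir, 0700, true );
file_put_contents( $dir . '/nl_NL.php', "<?php // constructed locale file\n" );
file_put_contents( dirname( $dir ) . '/outside.php', "<?php // must never be loaded\n" );

foreach ( array( 'nl_NL', 'en_US', '../outside', "nl_NL\0" ) as $candidate ) {
    $path = safe_locale_file( $dir, $candidate );
    printf( "%-16s => %s\n", json_encode( $candidate ), $path ? 'load ' . basename( $path ) : 'rejected' );
}

// Remove the constructed demo files again.
unlink( $dir . '/nl_NL.php' );
unlink( dirname( $dir ) . '/outside.php' );
rmdir( $dir );
rmdir( dirname( $dir ) );
```

Only the first candidate resolves to a file; the missing locale, the traversal string and the value with a trailing NUL byte are all rejected before anything would be passed to require_once.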